Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114

1.       A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Applicant's submission filed on 5-4-2021 has been entered.

2.        Claims 1 - 9, 13 - 23 are pending. Claims 1, 9, 21, 23 have been amended.  Claims 10 - 12 are canceled.  Claims 1, 21, 23 are independent.  This application was filed on 2-18-2020.  

Response to Arguments

3.    Applicant’s arguments, see Arguments/Remarks Made in an Amendment, filed 5-4-2021, with respect to the rejection(s) under Zettler in view Chien have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Zettler in view Chien and further in view of Babu.

A.  Applicant argues on page 7 of Remarks:    ...   no teaching in Zettler as to why FW1 and FW2 should be interpreted as separate devices   ...   . 

    The Examiner respectfully disagrees.   Zettler discloses two separate sensor devices providing measurements for determining the existence of a fault.  Deviations between measurements of the two sensor devices above a threshold parameter indicates a malfunction.  Fault detection system determines whether a faults exists based upon a comparison and a predetermined margin of sensor firmware information. (see Zettler paragraphs [0003]; [0008])

B.  Applicant argues on page 7 of Remarks:    ...   "determine an acceptable or unacceptable performance for the firmware"   ...   . 

    The Examiner respectfully disagrees.  Zettler discloses the capability to determine whether a measurement of firmware detects a fault or unacceptable condition associated with the firmware. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; (a fault detection signal is output only due to a condition when a fault is detected; access enabled otherwise))

C.  Applicant argues on pages 7-8 of Remarks:    ...   "wherein the firmware measurements and the further firmware measurement are based on measurement of firmware instructions and not on measurement of firmware data or firmware settings..."   ...   . 

    The Examiner respectfully disagrees.  Babu discloses the generated firmware measurements are associated with the set of instructions comprising the firmware. (see Babu paragraph [0022], lines 1-12: integrated circuit performs a particular function implemented as a set of instructions executed; firmware tool generates a statistical profile (associated with firmware) that measures the frequency that instructions are executed; (measurements associated with firmware looks at the set of instructions and the usage of the instructions))   	
The rest of applicant’s argument has been considered but moot in view of new grounds of rejections set forth below.

Claim Rejections - 35 USC § 103  

4.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.        Claims 1 - 4, 8, 9, 15, 16, 21, 23 are rejected under 35 U.S.C. 103 as being unpatentable over Zettler et al. (US PGPUB No. 20180018208) in view of Chien et al. (US PGPUB No. 20180314507) and further in view of Babu et al. (US PGPUB No. 20040260913).  	

Regarding Claims 1, 21, 23, Zettler discloses a method for checking firmware integrity of electronic devices and a system for checking firmware integrity of electronic devices and a non-transient computer readable medium that stores instructions, which, when 
a)  receiving, by a server from each of a first threshold number of electronic devices, an identically performed firmware measurement. (see Zettler paragraph [0008], lines 1-13: first processor configured to receive a first measurement, execute a first firmware based on the first measurement, and output a first result; a second processor identical to the first processor and configured to receive a second measurement, execute as second firmware based on the second measurement and output a second result)    
b)  determining, by the server, that at least a second threshold number of the received firmware measurements are identical; (see Zettler paragraph [0008], lines 1-13: first processor configured to receive a first measurement, execute a first firmware based on the first measurement, and output a first result; a second processor identical to the first processor and configured to receive a second measurement, execute as second firmware based on the second measurement and output a second result; first result and second result are expected to be within a predetermined margin)
c)  defining, by the server, one of said identical firmware measurements to be a silver measurement; (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin (i.e. baseline threshold measurement)) and 

e)  comparing, by the processor the further firmware measurement with the silver measurement. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; output a fault detection signal on condition that a fault is detected)

Zettler does not specifically disclose for a): said devices have an identical make, an identical model and a firmware with an identical version number, b): firmware measurements (i.e. characteristics) are identical, c): firmware measurements (i.e. characteristics) are identical, d): electronic device having the identical make, identical model and a firmware with an identical version number, and e): further firmware measurement (i.e. analogous with identical firmware measurement). 
However, Chien discloses wherein for a): said devices have an identical make, an identical model and a firmware with an identical version number, b): firmware measurements are identical, c): firmware measurements are identical, and d): electronic device having the identical make, identical model and a firmware with an 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler for a): said devices have an identical make, an identical model and a firmware with an identical version number, b): firmware measurements (i.e. characteristics) are identical, c): firmware measurements (i.e. characteristics) are identical, and d): electronic device having the identical make, identical model and a firmware with an identical version number, and e): further firmware measurement (i.e. analogous with identical firmware measurement) as taught by Chien. One of ordinary skill in the art would have been motivated to employ the teachings of Chien for the benefits achieved from a system that enables the processing of multiple types of firmware objects including objects with identical firmware attributes. (see Chien paragraph [0042], lines 16-21)  

Furthermore, Zettler-Chien does not specifically disclose for d): firmware measurements and further firmware measurement are based on measurement of firmware instructions and not on measurement of firmware data or firmware settings.
However, Babu discloses for d): wherein the firmware measurements and the further firmware measurement are based on measurement of firmware instructions and not on measurement of firmware data or firmware settings. (see Babu paragraph [0022], lines 1-12: integrated circuit performs a particular function implemented as a set of 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien for d): firmware measurements and further firmware measurement are based on measurement of firmware instructions and not on measurement of firmware data or firmware settings as taught by Babu. One of ordinary skill in the art would have been motivated to employ the teachings of Babu for the benefits achieved from a system that enables profiling or determining a frequency of instruction usage and analogous to generating a measurement value associated with a set of firmware instructions. (see Babu paragraph [0012], lines 1-4)  

Furthermore for Claim 21, Zettler discloses wherein a server; and a processor in the server; and a non-transient computer readable memory in the server that stores instructions, which, when executed by the processor, cause the server to perform operations. (see Zettler paragraph [0121], lines 1-11: system implementation performed using digital storage medium having readable control signals stored thereon, which cooperate with a programmable computer system to perform the respective method; paragraph [0097], lines 1-9: computer system comprising a processor in communication with a memory; processor includes control structures (i.e. instruction unit) and data path structures (i.e. execution unit); and fetch instructions and execute) 

Regarding Claim 2, Zettler-Chien-Babu discloses the method of claim 1, wherein the processor is in the server. (see Zettler paragraph [0097], lines 1-9: computer system having a processor in communication with a memory system; processor includes control structures (i.e. instruction unit) and data path structures (i.e. execution unit); fetch instructions and execute via processor; computing system analogous to a server system))     

Regarding Claim 3, Zettler-Chien-Babu discloses the method of claim 1, further comprising:
a)  determining, by the processor, that the further firmware measurement is different from the silver measurement; (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; output a fault detection signal on condition that a fault is detected (measurement is different)) and 
b)  taking, by the processor, a security action. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; output a fault detection signal (security action) on condition that a fault is detected)

Regarding Claim 4, Zettler-Chien-Babu discloses the method of claim 3, wherein the security action taken is one or more of: 
a) generation of an alert; b) locking of the further electronic device; c) display of a pop-up message on the electronic device; and d) display of a pop-up message on the server. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; output a fault detection signal (alert) on condition that a fault is detected; (selected: generation of an alert))    

Regarding Claim 8, Zettler-Chien-Babu discloses the method of claim 1, further comprising:
a)  determining, by the processor, that the further firmware measurement is equal to the silver measurement; (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; (a fault detection signal is output only due to the condition when a fault is detected; access enabled otherwise)) and
b)  permitting, by the processor, continued unhindered use of the further electronic device. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists 

Regarding Claim 9, Zettler-Chien-Babu discloses the method of claim 1. 
Zettler-Babu does not specifically disclose firmware measurement are based on either: the firmware version and a date of the firmware version; a time of the firmware version; or one or more volumes of the firmware.
However, Chien discloses wherein the firmware measurement and the further firmware measurement are based on either: the firmware version and a date of the firmware version; a time of the firmware version; or one or more volumes of the firmware. (see Chien paragraph [0042], lines 16-21: delivery of latest firmware package; if comparison determines the two are identical (i.e. same make, model, and version), MC ensures that firmware package is the one originally signed; verified firmware package used to upgrade the firmware version; (two firmware entities are determined to be identical); (selected: firmware version))  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Babu for firmware measurement are based on either: the firmware version and a date of the firmware version; a time of the firmware version; or one or more volumes of the firmware as taught by Chien. One of ordinary skill in the art would have been motivated to employ the teachings of Chien for the benefits achieved from a system that enables the processing of multiple types of 

Regarding Claim 15, Zettler-Chien-Babu discloses the method of claim 1, wherein the first threshold number is equal to the second threshold number. (see Zettler paragraph [0008], lines 1-13: first processor configured to receive a first measurement, execute a first firmware based on the first measurement, and output a first result; a second processor identical to the first processor and configured to receive a second measurement, execute as second firmware based on the second measurement and output a second result; (same number of tests completed for first and second measurement determinations))        

Regarding Claim 16, Zettler-Chien-Babu discloses the method of claim 1, wherein the first threshold number is greater than the second threshold number, the method further comprising:
a)  permitting, by the server, continued unhindered use of those of the electronic devices that have a firmware measurement equal to the silver measurement; (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; (a fault detection signal is output only due to a condition when a fault is detected; access enabled otherwise)) and


6.        Claims 5 - 7, 14, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Zettler in view of Chien and further in view of Babu and Boone et al. (US PGPUB No. 20140109076).

Regarding Claim 5, Zettler-Chien-Babu discloses the method of claim 1, further comprising:
a)  determining, by the processor, that the further firmware measurement is equal to the silver measurement. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; (a fault detection signal is output only due to the condition when a fault is detected; access enabled otherwise)) 

Zettler--Chien-Babu does not specifically disclose firmware of electronic device is out of date. 

b)  determining, by the processor, that the firmware of the further electronic device is out of date. (see Boone paragraph [0011], lines 12-16: configured to cause transition to downloaded newer version (up-to-date version) of firmware, shutting down a previous version (out of date version) of firmware)   
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for firmware of electronic device is out of date as taught by Boone. One of ordinary skill in the art would have been motivated to employ the teachings of Boone for the benefits achieved from a system that enables verification of latest versions of firmware for data processing within a network environment. (see Boone paragraph [0011], lines 12-16)   

Regarding Claim 6, Zettler-Chien-Babu discloses the method of claim 1, further comprising:
a)  receiving, by the processor, a different version number from the further electronic device. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; output a fault detection signal on condition when a fault is detected)

Zettler-Chien-Babu does not specifically disclose a different version number is earlier than the version number. 

b)  determining, by the processor, that the different version number is earlier than the identical version number; and c) generating, by the processor, a security alert indicating that the firmware of the further electronic device has been rolled back.  (see Boone paragraph [0011], lines 12-16: configured to cause transition to downloaded newer version (up-to-date version) of firmware, shutting down a previous version of firmware; displaying an alert screen (security alert))   
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for a different version number is earlier than the version number as taught by Boone. One of ordinary skill in the art would have been motivated to employ the teachings of Boone for the benefits achieved from a system that enables verification of latest versions of firmware for data processing within a network environment. (see Boone paragraph [0011], lines 12-16)  

Regarding Claim 7, Zettler-Chien-Babu discloses the method of claim 1, further comprising:
a)  determining, by the processor, that the further firmware measurement is different from the silver measurement. (see Zettler paragraph [0009], lines 1-8: comparison component configured to compare a first result with a second result and output a comparison result; comparison component configured to determine whether a fault exists based on a comparison result and a predetermined margin; output a fault detection signal on condition when a fault is detected)    

Zettler-Chien-Babu does not specifically disclose firmware of electronic device is not properly locked (i.e. restrictions applied).
However, Boone discloses:
b)  determining, by the processor, that non-volatile memory in which the firmware of the further electronic device is stored is not properly locked. (see Boone paragraph [0014], lines 1-15: managing transition to newer versions of firmware includes restricting deployment of newer versions or override of one or more corresponding versions of firmware in accordance with a policy; (policy restrictions are not properly applied during processing of firmware)) 
    The Specification in paragraph [0056] discloses: in conjunction with an alert, a process may lock the device or permit restricted use only   ...   .    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for firmware of electronic device is not properly locked as taught by Boone. One of ordinary skill in the art would have been motivated to employ the teachings of Boone for the benefits achieved from a system that enables verification of latest versions of firmware for data processing within a network environment. (see Boone paragraph [0011], lines 12-16)    

Regarding Claim 14, Zettler-Chien-Babu discloses the method of claim 1. 
Zettler-Chien-Babu does not specifically disclose storing result of comparing step in a database. 

        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for storing result of comparing step in a database as taught by Boone. One of ordinary skill in the art would have been motivated to employ the teachings of Boone for the benefits achieved from a system that enables verification of latest versions of firmware for data processing within a network environment. (see Boone paragraph [0011], lines 12-16)

Regarding Claim 17, Zettler-Chien-Babu discloses the method of claim 1. 
Zettler-Chien-Babu does not specifically disclose firmware measurement performed by an application running in volatile memory.
However, Boone discloses wherein the firmware measurement and the further firmware measurement are performed by an application running in volatile memory. (see Boone paragraph [0035], lines 1-3: thin clients as well as servers include volatile computer storage media; (application stored in volatile storage))      
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for firmware measurement performed by an application running in volatile memory as taught by Boone. One of ordinary skill in the art would have been motivated to employ the       

7.        Claims 13, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zettler in view of Chien and further in view of Babu and Shivanna et al. (US PGPUB No. 20180330093).

Regarding Claim 13, Zettler-Chien-Babu discloses the method of claim 1.
Zettler-Chien-Babu does not specifically disclose firmware is either: a BIOS (Basic Input/Output System), or a UEFI (Unified Extensible Firmware Interface). 
However, Shivanna discloses wherein the firmware is either: a BIOS (Basic Input/Output System), or a UEFI (Unified Extensible Firmware Interface). (see Shivanna paragraph [0016], lines 1-7: firmware components include Unified Extensible Firmware Interface (UEFI) measurement engine)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for firmware is either: a BIOS (Basic Input/Output System), or a UEFI (Unified Extensible Firmware Interface) as taught by Shivanna.  One of ordinary skill in the art would have been motivated to employ the teachings of Shivanna for the benefits achieved from systems that enable the establishment of trusted systems based upon system firmware. (see Shivanna paragraph [0007], lines 10-12)

Regarding Claim 20, Zettler-Chien-Babu discloses the method of claim 1.

However, Shivana discloses wherein the firmware measurement and the further firmware measurement are hashes. (see Shivanna paragraph [0022], lines 5-9: measurement of firmware image generated using a cryptographic hash function (i.e. Secure Hash Algorithm (SHA)))   
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for firmware measurements that are hashes as taught by Shivanna. One of ordinary skill in the art would have been motivated to employ the teachings of Shivanna for the benefits achieved from systems that enable the establishment of trusted systems based upon system firmware. (see Shivanna paragraph [0007], lines 10-12) 

8.        Claims 18, 19, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Zettler in view of Chien and further in view of Babu and Boone and Shivanna.

Regarding Claim 18, Zettler-Chien-Babu-Boone discloses the method of claim 17.
Zettler-Chien-Babu-Boone does not specifically disclose application present and functional by an operating system agent running under an operating system. 
However, Shivanna discloses wherein the application is maintained to be present and functional by an operating system agent running under an operating system of the electronic device. (see Shivanna paragraph [0024], lines 5-8: UEFI is a specification that defines a software interface between an operating system and platform firmware; 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu-Boone for application present and functional by an operating system agent running under an operating system as taught by Shivanna. One of ordinary skill in the art would have been motivated to employ the teachings of Shivanna for the benefits achieved from systems that enable the establishment of trusted systems based upon system firmware. (see Shivanna paragraph [0007], lines 10-12)  

Regarding Claim 19, Zettler-Chien-Babu-Boone discloses the method of claim 18. 
Zettler-Chien-Babu-Boone does not specifically disclose a persistent agent present and functional in memory of electronic device. 
However, Shivanna discloses wherein the operating system agent is maintained to be present and functional by a persistent agent present in non-volatile memory of the electronic device. (see Shivanna paragraph [0024], lines 5-8: UEFI is a specification that defines a software interface between an operating system and platform firmware; UEFI framework includes modules, drivers, protocols and applications; (allow execution of system agents)) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu-Boone for a persistent agent present and functional in memory of electronic device as taught by Shivanna. One of ordinary skill in the art would have been motivated to employ the teachings of 

Regarding Claim 22, Zettler-Chien-Babu discloses the system of claim 21. 
Zettler-Chien-Babu does not specifically disclose for firmware measurement application running in volatile memory.
However, Boone discloses further comprising in each of the electronic devices:
a)  a firmware measurement application running in volatile memory. (see Boone paragraph [0035], lines 1-3: thin client as well as servers include volatile computer storage media; (application stored in volatile storage))      
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu for firmware measurement application running in volatile memory as taught by Boone. One of ordinary skill in the art would have been motivated to employ the teachings of Boone for the benefits achieved from a system that enables verification of latest versions of firmware for data processing within a network environment. (see Boone paragraph [0011], lines 12-16)   

Zettler-Chien-Babu-Boone does not specifically disclose for b): an agent configured to maintain firmware measurement application present and functional in electronic device, and for c): configured to maintain operating system agent present and functional in electronic device.
However, Shivanna discloses further comprising in each of the electronic devices: 

c)  a persistent agent in non-volatile memory of the electronic device configured to maintain the operating system agent present and functional in the electronic device. (see Shivanna paragraph [0024], lines 5-8: UEFI is a specification that defines a software interface between an operating system and platform firmware; UEFI framework includes modules, drivers, protocols and applications; allow execution of pre-operating system agents)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Zettler-Chien-Babu-Boone for b): an agent configured to maintain firmware measurement application present and functional in electronic device, and for c): configured to maintain operating system agent present and functional in electronic device as taught by Shivanna.  One of ordinary skill in the art would have been motivated to employ the teachings of Shivanna for the benefits achieved from systems that enable the establishment of trusted systems based upon system firmware. (see Shivanna paragraph [0007], lines 10-12)

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032.  The examiner can normally be reached on Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CJ/
June 7, 2021
                                                                                                                                                                                                        
                                                       
                                                                 
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436